Data breach? Not doing business with you, sorry…

Almost one in four Americans stop doing business with companies that have been hacked, and more than two in three people trust a company less after a data breach, ZDNet reported.

The data breach trend

Today’s economy thrives on disruption. Unless you maintain
quality services and keep up with technology, you are likely to become
obsolete. Blockbuster, Tower Records, and Myspace are reminders of what can
happen if your business fails to adapt and evolve with technology, claims the True Passwordless Security Whitepaper.

Quality services, however, increasingly depend on securely keeping up with technology – as
we shall see in a moment.

CrowdStrike’s Global Threat Report 2020 points to a snowballing number
of ransomware incidents, followed by ransom demands from cybercriminals who
exfiltrated data from feebly protected companies.

The ransomware-related data breaches in 2019 were particularly
characterised by a nasty method, described by CrowdStrike as ‘big game hunting’.
Using this method, a hacker known as ‘Gnosticplayers’ hacked companies from
2016 through 2019 and sold their data on dark web marketplaces.

The Capital One hack, as disclosed in July 2019, impacted
more than 100 million Americans and six million Canadians. An investigation
revealed that the suspect behind the hack illegally accessed Capital One’s AWS
servers to retrieve the data, along with the data from 30 other companies.

‘Cloud blunders’ are also becoming a common reason for data
breaches. This exercise, sometimes called ‘channelling-off’, usually happens when
another company extracts a subset of data from a corporate key database without
affecting it. A ‘cloud blunder’ typically happens when cloud services are not appropriately
secured or when data moves to an outside company (e.g. to marketers) and is then
stolen.

And the list goes on as data breaches become increasingly
common – and more and more costly.

Consequences of a data breach

When news of a data breach at a major organisation breaks, the
aftermath can be chaotic, says ZDNet. How chaotic it can become is shown by a recent
study of the Wall Street reaction to an enterprise that suffered a data
breach:

The average share price of a company disclosing
a data breach falls by 7.27%.

The full impact may not be felt until 14 market
days or more have passed.

Share prices may rebound, but the financial
health of an organisation will suffer in the long-term.

Detection and escalation: Activities that enable companies to detect and
report the breach.

Notification: The activities the company must undertake to notify people
whose data has been compromised. The regulatory bodies must also be informed.

Post data breach response: This involves the processes of helping customers
communicate with the company and also the related costs of redress.

Lost business: This is the largest single cost of a data breach and amounts
to 36% of the total cost. This includes lost business (revenue loss), business
disruption, systems downtime and customer acquisition.

On average, customers’ trust in a hacked company declines by
more than 67% after a data breach, reveals a recent study. The data breaches of Facebook (85%),
Marriott (78%), and SunTrust Banks (77%) were among the most memorable in 2018.

Almost all respondents (92%) in the cited study agree that
companies are financially liable to their customers after a breach and over one
in five people are unwilling to give their financial information to a company that
has been hacked.

South Africa is no data breach exception

South Africa is also experiencing a disturbingly high number
of data breaches with the Liberty Life data breach still being the biggest thus
far. In October 2018, South Africa experienced its biggest-ever data breach in
which 60 million ID details were exposed on a real estate server. The company
refused a ransom demand and this breach disclosed the personal details of more
than 30 million people.

Early this year, South Africa’s Nedbank suffered
a data breach via a third-party service provider. The incident potentially
affected 1.7 million customers.

Research by the Ponemon Institute showed that a data breach
costs South African companies R50 million (about USD 3m) on average. By
comparison, the average data breach in the UK costs R60 million (USD 3.88m),
in Germany R73 million (USD 4.78m) and in the United States R130 million (USD
8.19m).

Who will be next? We do not know for sure but, if the
trend continues, the next data breaches will have even starker
consequences.

The basic cybersecurity hygiene for preventing data breaches

At the RSA 2020 conference, Microsoft warned that 1.2 million accounts were
compromised in January, almost all of which were preventable by one simple
security measure. Microsoft warns that only 11% of enterprise users make use of
tools such as multi-factor authentication. A staggering 89% of accounts remain
open to fairly simple attacks.

Basic cybersecurity hygiene, which can prevent many
attacks, includes keeping our passwords safe (e.g. by getting a password
manager), developing the habit of checking before we click, and keeping our devices
and software updated.

Closing any digital account that is no longer in use is
one of the best ways to get rid of unnecessary worries about these accounts being
hacked.

For some accounts, we can use social media (e.g. Google,
Facebook, LinkedIn, or Twitter) to log in, if that option is available. This
option, however, is reasonable only if we have very strong passwords for our
social media accounts.

Not clicking on unknown or suspicious links, whether on
websites or in emails, can save us from many troubles. It will prevent malware
infection and help to keep our credentials safe. The maxim ‘better safe than
sorry’ should become the order of the day.

Setting software to update automatically whenever possible is
another habit that will reduce the need to remember this important security
task. This is particularly vital for cybersecurity applications such as firewalls
and antivirus software. Also, introducing advanced cybersecurity technologies when
possible (e.g. artificial intelligence) can significantly help.

Avoiding cybersecurity information overload is a way of
managing cybersecurity fatigue. It is indeed easier said than done, but we should
try not to read everything that is served to us daily on the Internet. For example,
instead of reading about ‘55 ways to secure our digital life’, we should strive
to learn more about a security topic or two per week that we can easily relate
to.

Insurance can also help. In these times of still
non-bulletproof technology and skills shortages, IT and business managers
increasingly consider taking out cybersecurity insurance to protect the organisational
IT budget from unforeseen cybersecurity incidents. The main benefits of cyber
insurance include cover for various costs: from internal IT forensic
investigation of cybersecurity incidents to the processes of recovery and
lost income.

However, building a proactive culture, which demonstrates
that cybersecurity is not a solely technological problem, is the key to
preventing data breaches.

Performing even basic cybersecurity hygiene will help
organisations to protect their business and reputation. More advanced
cybersecurity practices, such as the ones we offer at VM Advisory,
will bolster your company’s cybersecurity posture and keep your customers
and business partners happy.